package com.daiqee.shiro.filter;

import javax.servlet.ServletRequest;

import javax.servlet.ServletResponse;

import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authz.AuthorizationFilter;

/**
 * 处理roles or的关系
 * 
 * <br/>
 * @since JDK 1.8
 * @version  V1.0
 * @author RichardTang 
 * @date: 2018-1-29
 * @package com.daiqee.filter
 * @copyright:Copyright (c) 2018, 1245811923@qq.com All Rights Reserved.
 */
public class RolesOrOfAuthorizationFilter extends AuthorizationFilter {

	@Override
	 protected boolean isAccessAllowed(ServletRequest request,ServletResponse response, Object mappedValue) throws Exception
	 {
			Subject subject = getSubject(request, response);  
	        String[] rolesArray = (String[]) mappedValue;  
	        
	        if (rolesArray == null || rolesArray.length == 0) 
	        {  
	            return true;  
	        }  
	        for(int i=0;i<rolesArray.length;i++)
	        {
	            if(subject.hasRole(rolesArray[i]))
	            {  
	                return true;  
	            }  
	        }  
	        return false;  
	 }

}
